The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Local Administrator Password Solution (LAPS) from Microsoft

Download Windows Speedup Tool to fix errors and make PC run faster

Local Administrator Password Solution (LAPs) will solve the issue of using a common local account with an identical password on every Windows computer in a domain by setting up a random, different password for the common local administrator account on every computer in the domain.

Local Administrator Password Solution for Windows

Local Administrator Password Solution

The Local Administrator Password Solution (LAPS) provides management of local account passwords of domain-joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset.

This solution automatically manages local administrator passwords on domain-joined computers, so that the password is:

  • Unique on each managed computer
  • Randomly generated
  • Securely stored in AD infrastructure.

Its features include:

Security:

  • Random password that changes automatically regularly
  • Password is protected during the transport via Kerberos encryption
  • Password is protected in AD by AD ACL
  • Effective mitigation of Pass-the-hash attack

Manageability:

  • Configurable password parameters: age, complexity, length
  • Ability to force password reset
  • Security model integrated with AD ACLs
  • End use UI can be any AD management tools of choice,
  • PowerShell and Fat client are provided
  • Protection against computer account deletion
  • Easy implementation and minimal footprint

Extensibility:

  • Additional encryption of password stored in AD
  • Password history
  • Web UI.

Domain administrators who use this solution can determine which users, such as helpdesk administrators, are authorized to read passwords.

Once you have downloaded the zip file for your system, viz. 32-bit or 64-bit, from Microsoft Download Center, extract them from the Installers.zip to a folder. 

There will be two files, AdmPwd.Setup.x64.msi and AdmPwd.Setup.x86.msi. You may also want to download the LAPS Datasheet, Operations Guide and Technical Specifications documents, as it gives a lot of information on how to use them too.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Reader Interactions

Comments

  1. Edward Blanchard says

    This looks like a great idea, and definitely something worth exploring. I did notice though, your write up states there is a web ui available with this, I’ve yet to see it mentioned in any other write ups, can you elaborate?

Leave a Reply

Your email address will not be published. Required fields are marked *

Live Chat Button